Fix for "Record of death" vulnerability CVE-2010-0740.

Also, add missing CHANGES entry for CVE-2009-3245 (code changes submitted to this branch on 23 Feb 2010), and further harmonize this version of CHANGES with the versions in the current branches.
author: Bodo Möller <bodo@openssl.org> 2010-03-25 11:25:30 +0000
committer: Bodo Möller <bodo@openssl.org> 2010-03-25 11:25:30 +0000
commit: 3e8b6485b342d70e980418bc4bb2c60148d844d8 (patch)
tree: e83f265efa133daf6a9305d37f1588a17ee3fa2c /CHANGES
parent: f2e8488b8521e133f4f6da8dba635c57d1387990 (diff)
1 files changed, 17 insertions, 8 deletions
diff --git a/CHANGES b/CHANGES
index b07b56d72b..79ef46254f 100644
--- a/CHANGES
+++ b/CHANGES
@@ -99,7 +99,7 @@
      whose return value is often ignored. 
      [Steve Henson]
 
- Changes between 0.9.8m and 1.0.0  [25 Feb 2010]
+ Changes between 0.9.8n and 1.0.0  [xx XXX xxxx]
 
   *) Add "missing" function EVP_CIPHER_CTX_copy(). This copies a cipher
      context. The operation can be customised via the ctrl mechanism in
@@ -118,10 +118,6 @@
      it from client hello again. Don't allow server to change algorithm.
      [Steve Henson]
 
-  *) Constify crypto/cast (i.e., <openssl/cast.h>): a CAST_KEY doesn't
-     change when encrypting or decrypting.
-     [Bodo Moeller]
-
   *) Add load_crls() function to apps tidying load_certs() too. Add option
      to verify utility to allow additional CRLs to be included.
      [Steve Henson]
@@ -944,13 +940,22 @@
   *) Change 'Configure' script to enable Camellia by default.
      [NTT]
   
-   Changes between 0.9.8m and 0.9.8n [xx XXX xxxx]
-  
+ Changes between 0.9.8m and 0.9.8n [24 Mar 2010]
+
+  *) When rejecting SSL/TLS records due to an incorrect version number, never
+     update s->server with a new major version number.  As of
+     - OpenSSL 0.9.8m if 'short' is a 16-bit type,
+     - OpenSSL 0.9.8f if 'short' is longer than 16 bits,
+     the previous behavior could result in a read attempt at NULL when
+     receiving specific incorrect SSL/TLS records once record payload
+     protection is active.  (CVE-2010-####)
+     [Bodo Moeller, Adam Langley]
+
   *) Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL 
      could be crashed if the relevant tables were not present (e.g. chrooted).
      [Tomas Hoger <thoger@redhat.com>]
 
- Changes between 0.9.8l and 0.9.8m  [25 Feb 2010]
+ Changes between 0.9.8l and 0.9.8m [25 Feb 2010]
 
   *) Always check bn_wexpend() return values for failure.  (CVE-2009-3245)
      [Martin Olsson, Neel Mehta]
@@ -986,6 +991,10 @@
      CVE-2009-4355.
      [Steve Henson]
 
+  *) Constify crypto/cast (i.e., <openssl/cast.h>): a CAST_KEY doesn't
+     change when encrypting or decrypting.
+     [Bodo Moeller]
+
   *) Add option SSL_OP_LEGACY_SERVER_CONNECT which will allow clients to
      connect and renegotiate with servers which do not support RI.
      Until RI is more widely deployed this option is enabled by default.
author	Bodo Möller <bodo@openssl.org>	2010-03-25 11:25:30 +0000
committer	Bodo Möller <bodo@openssl.org>	2010-03-25 11:25:30 +0000
commit	3e8b6485b342d70e980418bc4bb2c60148d844d8 (patch)
tree	e83f265efa133daf6a9305d37f1588a17ee3fa2c /CHANGES
parent	f2e8488b8521e133f4f6da8dba635c57d1387990 (diff)